The Problem with Data

9/27/2017

More than 2.5 quintillion bytes of data are created every day. The sum of all knowledge will double every 12 hours in the future, said 2017 ASIS President Thomas J. Langer, CPP, in his opening remarks at ASIS 2017.

That is a mind-boggling amount of data that will be created in the near future. And as we've seen over the past few years, it's becoming a liability for companies facing ever-more sophisticated cyberattacks.

Earlier this month, credit reporting agency Equifax reported that approximately 143 million of its customers' private data may have been exposed in a massive data breach.

The hackers behind the attack gained access to customers' names, birth dates, Social Security numbers, and addresses. While most of the customers were from the United States, individuals from Canada and the United Kingdom were also impacted.

The Equifax breach was almost seven times larger than the U.S. Office of Personnel Management breach. The treasure trove of data it exposed is ideal for criminals looking to carry out benefits and tax fraud, identity theft, and more, wrote Rick Holland, vice president of strategy at Digital Shadows, in a blog about the impact of the Equifax breach on enterprises and consumers.

"Attribution aside, one thing is certain though, regardless of the motivations of the attackers, this data is perfect for social engineering attacks," Holland wrote.

And social engineering attacks are still criminals' preferred method when it comes to spreading malware to victims, such as ransomware.

"Now firmly established as a daily desktop malware threat, the profile of ransomware as a threat on mobile devices will grow as developers hone their skills in attacking those operating systems and platforms," EUROPOL said in a recent report on Internet crime.

EUROPOL also predicts that devices will be the next "fertile ground for the proliferation of mobile ransomware."

All of this has prompted renewed debate on the increased need for data breach laws and regulation to keep sensitive data secure.

Europe is leading the way with the EU General Data Protection Regulation, and the United States may follow suit in light of the Equifax breach.

"In a world where one line of faulty computer code can mean the difference between normalcy and chaos, it is often not a question of if, but when, the most sensitive systems will be hacked," wrote U.S. Representative Ted Lieu (D-CA) in an op-ed for Slate about the fallout from Equifax. "Given this reality, we must improve our ability to react at every level after companies have been breached."